The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Your human resources department plays a vital role in how your company gets things done. It makes sure you are staffed properly, that benefits are administered and many other important obligations are met in a timely manner.
Everyone knows the pitfalls of the HR department. If they recruit a bad player, it can hurt morale, but it won’t necessarily sink the ship. There is, however, an HR-related obligation that, if left unmet, can take a company out in a keystroke. It’s in the news every day. That obligation is security.
If the Heartbleed fiasco taught us anything, it’s that there are myriad ways your company can be affected by security issues. Your HR department is vulnerable, too, and the most dangerous fallout comes increasingly from tax-related identity theft. Last year the, IRS issued more than $4 billion in misdirected tax refunds to fraudsters. On average, a victim has to wait more than six months to receive money stolen from them in this way, and they have to jump through a number of hoops to get it. The IRS has responded by making its filters more sophisticated and hiring more than 3,000 caseworkers, but the problem persists and is, in fact, growing to the consternation of government, law enforcement and taxpayers.
Brian Krebs reported on a new scam recently in which cyber thieves had stolen W-2s and other employee personal information from a cloud server provided by Ultimate Software’s UltiPro. In addition to providing a place where HR professionals can store employee information and other vital HR files, the cloud also provides an irresistible opportunity for cyber criminals. According to Krebs, the crime ring created crimeware that was even available for licensing to other criminals. It allowed the fraudsters to track tax returns filed fraudulently on behalf of almost every employee with a W-2 on file with the affected companies. Ultimate Software says the incidents appear to be on the end-user side through individual employee computers that are infected with malware.
It used to be that a company’s intellectual property and trade secrets—from search engine algorithms to the secret sauce—were the most important assets to protect. That’s still the case, but increasingly employee information is just as valuable. Fail to protect it, and your company could be exposed to significant penalties and fines, as well as a wave of enterprise-killing lawsuits.
The FTC has created Identity Theft Prevention tools for the workplace. Here are some best practices that will help:
We live in an age where the third certainty in life is that you will have to deal with a data breach. I’ve written elsewhere about preparing for that. At close of the day, you want the “R” in HR to stand for “resource” and not “radioactivity.” By developing strict data security standards and properly training your HR personnel (continuously) to respect and utilize best practices, you can help your HR department to keep things running on time.
[Editor’s note: If you’re concerned that the security practices in your workplace HR office has left your personal information vulnerable, there are ways to monitor for fraud that may have occurred in your name as a result. By checking your credit reports regularly, and by monitoring your credit scores for unexpected drops (which you can do for free on Credit.com), you may discover signs that your identity has been stolen.]
Image: AlexRaths
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams